I think a lot of the popular CRL providers are in there by default, just not enabled.
Michael Stanclift Network Analyst Rockhurst University Conway Hall, Office 415 1100 Rockhurst Road Kansas City, Missouri 64110 (816) 501-4231 From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Mike King Sent: Thursday, March 06, 2008 3:36 PM To: [email protected] Subject: Re: revocation list Specifically... You have to find out what the IP or the URL of the server where your CRL is located. This is determined by figuring out who issued your Cert that your CAS's have. Our Certs are issued from Geotrust. Then you put an exception in the default role to allow access to CRL On Thu, Mar 6, 2008 at 4:07 PM, Dale Harville <[EMAIL PROTECTED]> wrote: How do you open up the filters? Dale Harville Network Administrator Galveston College 4015 Ave Q. Galveston, TX 77550 409-944-1356 ________________________________ From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Mike King Sent: Thursday, March 06, 2008 1:21 PM To: [email protected] Subject: Re: revocation list Hi Shane. Yes, you have to open up the filters to allow clients to contact your CA to get the CRL. But this is not a Cisco requirement. This is a Microsoft Internet Explorer requirement. CCAA uses IE to perform the http part of the session. So if your IE is configured to check for a CRL, then CCAA will need it. You can disable it in IE advanced options, and IE won't require it anymore. But the better answer is to just allow access to it. Mike
